Novell Vibe Security Announcement: CVE-2014-3566 'POODLE' weakness in the SSL protocol

  • 7015805
  • 20-Oct-2014
  • 20-Feb-2015


Novell Vibe 3.x


SSLv3 Fallback Protection “POODLE” vulnerability (CVE-2014-3566)

Severity: Medium

Version: OpenSSL 1.0.1, 1.0.0, 0.9.8

POODLE stands for Padding Oracle On Downgraded Legacy Encryption. This vulnerability allows a man-in-the-middle attacker to decrypt cipher text using a padding oracle side-channel attack.

OpenSSL Description: "Some client applications (such as browsers) will reconnect using a downgraded protocol to work around interoperability bugs in older servers. This could be exploited by an active man-in-the-middle to downgrade connections to SSL 3.0 even if both sides of the connection support higher protocols. SSL 3.0 contains a number of weaknesses including POODLE."

All products using OpenSSL version 1.0.1, 1.0.0, 0.9.8 are impacted.


A fix for this issue is available in the Vibe 3.4 Hot Patch 1, available via the Novell Patch Finder.


Security Alert

Additional Information